Add option to glidecondor_addDN to auto-extract cert DN
For situations where we want to add the DN of a cert/proxy that is on the local disk,
having glidecondor_addDN automatically extract the DN from the file would be
handy and would reduce human error.
#2 Updated by Parag Mhashilkar about 7 years ago
- Assignee changed from Parag Mhashilkar to Igor Sfiligoi
Comments below, rest look ok to me.
Any reason not to use strip() over [:-1] in the line below? strip() seems safer to me
Maybe this is personal preference,
seems more readable than
#4 Updated by Parag Mhashilkar about 7 years ago
So what if a version of openssl starts spitting out the DN without a newline? The current code will break, but if you use strip() you are covered. Also, I don't know of anyone that does string matching of a DN with trailing spaces. I would say it was not a good decision to allow trailing spaces in a DN, but that's not up to me now.
#7 Updated by Parag Mhashilkar about 7 years ago
extract_DN() is broken for rfc proxies and needs to be fixed.
My test giving it rfc proxy returned
'subject= /DC=org/DC=doegrids/OU=People/CN=Parag Mhashilkar 209917/CN=381159416'
I vaguely remember fixing an issue something like this in the code elsewhere a couple of years back. I just can't seem to recollect exactly where. Maybe we can just reuse that?
#8 Updated by Igor Sfiligoi about 7 years ago
I thought the CN=XYZ were deprecated, but I just checked, and you are right...
the RFC ones indeed use that syntax :(
Will have to fix this, it seems.
However, the only reliable way is using the
Should I assume it is available?
#9 Updated by Igor Sfiligoi about 7 years ago
- Assignee changed from Igor Sfiligoi to Parag Mhashilkar
I have implemented the extract_DN function using the M2Crypto library calls;
(should have done it from the start!)
It now properly climbs the chain, and extracts the first non-CA DN from the file.
I also converted all newline removal lines to use rstrip.
Parag: Can you please check if there are any remaining issues?
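
The two problems raised in this thread (newline handling and a proxy subject being returned instead of the owner's DN), as an added example that is not part of the thread and is not glideinWMS code. It is a string-level sketch over `subject=`/`issuer=` lines in the format quoted in comment #7, not the M2Crypto approach from comment #9; all function names and DNs are constructed for illustration.

```python
# Added example: not glideinWMS code. All DNs below are constructed samples.

def parse_field(line, name):
    """Return the DN from a 'subject= ...' or 'issuer= ...' line."""
    prefix = name + "="
    if not line.startswith(prefix):
        raise ValueError("expected %r line, got %r" % (name, line))
    # Remove only the line terminator, and only if one is present, then the
    # separator space printed after '='. Trailing spaces in the DN survive,
    # and a missing newline does not cost the DN its last character.
    return line[len(prefix):].rstrip("\r\n").lstrip(" ")


def is_proxy(subject, issuer):
    """A proxy subject is its issuer's DN plus exactly one CN component."""
    head, sep, last = subject.rpartition("/")
    return sep == "/" and head == issuer and last.startswith("CN=")


def end_entity_dn(lines):
    """lines: subject/issuer line pairs, one pair per certificate, in file
    order (proxy first). Returns the first subject that is not a proxy."""
    if len(lines) % 2:
        raise ValueError("expected subject/issuer pairs")
    for i in range(0, len(lines), 2):
        subject = parse_field(lines[i], "subject")
        issuer = parse_field(lines[i + 1], "issuer")
        if not is_proxy(subject, issuer):
            return subject
    raise ValueError("no end-entity certificate found in chain")


# Constructed sample: an RFC proxy followed by the user certificate.
SAMPLE = [
    "subject= /DC=org/DC=example/OU=People/CN=Jane Doe 12345/CN=381159416\n",
    "issuer= /DC=org/DC=example/OU=People/CN=Jane Doe 12345\n",
    "subject= /DC=org/DC=example/OU=People/CN=Jane Doe 12345\n",
    "issuer= /DC=org/DC=example/CN=Constructed Test CA",  # no trailing newline
]

if __name__ == "__main__":
    print(end_entity_dn(SAMPLE))
```

A name-only check misclassifies a certificate whose CA issues names directly beneath its own DN, so reading the CA flag or proxy extension from the certificate itself remains the more reliable test.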